A Secure Proxy Signature Scheme Based on the Hardness of the Decisional Diffie-Hellman Problem

Constantin PopescuDepartment of Mathematics and Computer Science, University of Oradea
Oradea 410087, ROMANIA

Abstract:

In this paper we present a secure proxy signature scheme, which allows an original signer to delegate his/her signing capability to a proxy signer. Then the proxy signer can sign a message on behalf of the original signer. The proposed proxy signature scheme is based on the hardness of the decisional Diffie-Hellman problem. We give the formal definition and security model of a proxy signature scheme and prove its security in our security model. Our proxy signature scheme does not use bilinear pairings, which results in greater efficiency and ease of implementation.

The notion of proxy signature was introduced by Mambo, Usuda and Okamoto in 1996 [1]. The proxy signature scheme allows the original signer to delegate his/her signing right to the proxy signer to sign a message on behalf of the original signer. Afterwards, a verifier, which knows the public keys of the original signer and the proxy signer, can verify the validity of the proxy signature issued by the proxy signer. Based on the delegation type, the proxy signature schemes are classified in full delegation, partial delegation and delegation by warrant. In a full delegation proxy signature scheme, a proxy signer uses the same private key as the original signer and generates a proxy signature as the original signer does. The disadvantage of the full delegation comes from the difficulty of distinguishing between the original signer and the proxy signer. In the partial delegation proxy signature scheme, an original signer derives a proxy key from his private key and sends it to a proxy signer in a secure channel. In a proxy signature scheme with delegation by warrant, the original signer gives a proxy signer a special message, namely, warrant. A warrant certifies that the proxy signer is legal and consists of signers’ identity, delegation period and the types of the message on which the proxy signer can sign. Also, proxy signature schemes can be classified as proxy-unprotected and proxy-protected schemes. In an proxy-protected scheme, the original signer cannot forge a proxy signature in the name of the proxy signer. The proxy-protected schemes provide more security level than the proxy-unprotected signature schemes. A lot of proxy signature schemes [6], [7] and some ID-based proxy signature schemes with special features were proposed, such as identity-based multi-proxy signature [8], [9], identity-based strong designated verifier proxy signature [10], [11]. Cao and Cao [9] claimed that their scheme is provably secure in the random oracle model. However, Xiong et al. [12] proved that their scheme is not secure under their security model. The first proxy signature scheme based on the factoring integer problem is proposed by Shao [13], in 2003. Recently, Zhou et al. [14] proposed two efficient proxy protected signature schemes. Their first scheme is based on RSA [15] assumption and the second scheme is based on the integer factorization problem. Zhou et al. [14] claim that their schemes are more efficient than other schemes. However, Park et al. [16] point out their schemes are insecure. Moreover, Liu et al. [17] point out that Zhou et al.’s [14] schemes are vulnerable to the undelegated proxy signature attack: any attacker without the delegation of the original signer can generate a valid proxy signature. Xue et al. [18] proposed two proxy signature schemes based on the difficulty of factorings of large integers without formal security proofs. Recently, Shao [19] proposed proxy protected signature scheme based on RSA. Also, most proxy signature schemes are based on the difficulty of discrete logarithm problem [20] or elliptic curve discrete logarithm problem [21]. Chen et al. proposed in [20] a proxy signature scheme based on the Digital Signature Algorithm (DSA). Mambo et al. [1], [22] proposed three proxy signature schemes based on ElGamal’s signature scheme [23], Schnorr’s signature scheme [24], and Okamoto’s signature scheme [25]. Proxy signature schemes are useful in many applications [29], [30] such as electronic payment systems [2], [3] and wireless networks [4], [5].

In this paper we propose a secure proxy signature scheme based on the hardness of the decisional Diffie-Hellman problem. The proposed proxy signature scheme is derived from the Goh et al.’s signature scheme [26]. Our proxy signature scheme inherits the strength security properties of the signature scheme proposed in [26].

The rest of this paper is organized as follows. In the next section we review the model of a proxy signature scheme. Then we present our proxy signature scheme in the section 3. Furthermore, we discuss some aspects of security in the section 4. The section 5 concludes the work of our paper.